Operating System - HP-UX
1834395 Members
1897 Online
110066 Solutions
New Discussion

EMAIL NOTIFICATION FOR PASSWORD EXPIRING

 
Brenda G Follin
Occasional Advisor

EMAIL NOTIFICATION FOR PASSWORD EXPIRING

I need to find out if there is a way to send an email to a user on a trusted system 11.11 that their password is going to expire.
7 REPLIES 7
harry d brown jr
Honored Contributor

Re: EMAIL NOTIFICATION FOR PASSWORD EXPIRING

Write a script to query using getprpw

live free or die
harry d brown jr
Live Free or Die
Uday_S_Ankolekar
Honored Contributor

Re: EMAIL NOTIFICATION FOR PASSWORD EXPIRING

If your system is trusted then you can use this command

/usr/lbin/modprdef -m expwarn=5

This will send mail to users 5 days before the expiration.

-USA..
Good Luck..
Bill Hassell
Honored Contributor

Re: EMAIL NOTIFICATION FOR PASSWORD EXPIRING

> /usr/lbin/modprdef -m expwarn=5
>
> This will send mail to users 5 days before the expiration.

Actually, this will NOT send any email, it simply writes a message on the screen when you login. Note also that modprdef is a backend command for SAM and is used to report and change system-wide security policies for passwords. So it is undocumented and resides in the /usr/lbin directory.

getprpw is similar but due to customer demand, both modprpw and getprpw now have man pages (11i and higher). This is not easy to figure out because of the mixed data represenations (epoc seconds versus YYYY MMM DAY TIME).

So I've attached a function that requires one variable to be set: USER, and to trace it to watch the steps, you can also set the variable DEBUG. The attachment has 2 lines at the bottom to test it:

USER=$1
DayTillPWexp

Save the attachment in a file (perhaps called expire?), move it to your HP-UX system and make it executable, then run it like this:

./expire billh

or trace it:

DEBUG=1 ./expire billh


Bill Hassell, sysadmin
rariasn
Honored Contributor

Re: EMAIL NOTIFICATION FOR PASSWORD EXPIRING

Configure /etc/mail/aliases to send mail to user.
Brenda G Follin
Occasional Advisor

Re: EMAIL NOTIFICATION FOR PASSWORD EXPIRING

Bill, Hassell,
I want to send an email when it is 14 days before the id's password is to expire. Do I need to have an alias for each id?
Bill Hassell
Honored Contributor

Re: EMAIL NOTIFICATION FOR PASSWORD EXPIRING

> I want to send an email when it is 14 days before the id's password is to expire. Do I need to have an alias for each id?

Unix assumes that each user has their email on the box where they login. That is typically not true anymore, users have email on some other box (perhaps Windows based?). So every user login needs to have a .forward in their login $HOME directory specifying where any email for this login should be sent (no alias necessary). Just put one line in $HOME/.forward for each user. The line is the location where any email should be sent.

Now the function I attached in a previous message was taken from an information script so it simply reports the expiration date. You'll need to rewrite the code to compute the expiration date. Be sure to handle locked accounts (logins -x -l username will tell you) or accounts that are beyond the default limit but not yet locked.


Bill Hassell, sysadmin
Brenda G Follin
Occasional Advisor

Re: EMAIL NOTIFICATION FOR PASSWORD EXPIRING

The script provided and adding a .forward file for each id that the email is needed worked.